Documentation ¶
Overview ¶
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- func CloseAgent(teleAgent *teleagent.AgentServer, socketDirPath string) error
- func CreateAgent(me *user.User, key *client.Key) (*teleagent.AgentServer, string, string, error)
- func EnableDesktopService(config *service.Config)
- func EnableKube(t *testing.T, config *service.Config, clusterName string) error
- func EnableKubernetesService(t *testing.T, config *service.Config)
- func ExternalSSHCommand(o CommandOptions) (*exec.Cmd, error)
- func GetKubeClusters(t *testing.T, as *auth.Server) []types.KubeCluster
- func GetLocalIP() (string, error)
- func MakeProxyAddr(user, pass, host string) string
- func MakeTestDatabaseServer(t *testing.T, proxyAddr utils.NetAddr, token string, dbs ...service.Database) (db *service.TeleportProcess)
- func MakeTestServers(t *testing.T) (auth *service.TeleportProcess, proxy *service.TeleportProcess, ...)
- func MustCreateUserIdentityFile(t *testing.T, tc *TeleInstance, username string, ttl time.Duration) string
- func MustGetCurrentUser(t *testing.T) *user.User
- func NewListener(t *testing.T, ty service.ListenerType, fds *[]service.FileDescriptor) string
- func NewListenerOn(t *testing.T, hostAddr string, ty service.ListenerType, ...) string
- func Port(t *testing.T, addr string) int
- func PortStr(t *testing.T, addr string) string
- func SetTestTimeouts(t time.Duration)
- func SetupUser(process *service.TeleportProcess, username string, roles []types.Role) error
- func SetupUserCreds(tc *client.TeleportClient, proxyHost string, creds UserCreds) error
- func SingleProxyPortSetupOn(addr string) func(*testing.T, *[]service.FileDescriptor) *InstanceListeners
- func StandardListenerSetupOn(addr string) func(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
- func StartAndWait(process *service.TeleportProcess, expectedEvents []string) ([]service.Event, error)
- func TestMainImplementation(m *testing.M)
- func TryCreateTrustedCluster(t *testing.T, authServer *auth.Server, trustedCluster types.TrustedCluster)
- func WaitForActiveTunnelConnections(t *testing.T, tunnel reversetunnel.Server, clusterName string, ...)
- func WaitForAuditEventTypeWithBackoff(t *testing.T, cli *auth.Server, startTime time.Time, eventType string) []apievents.AuditEvent
- func WaitForClusters(tun reversetunnel.Server, expected int) func() bool
- func WaitForDatabaseServers(t *testing.T, authServer *auth.Server, dbs []service.Database)
- func WaitForNodeCount(ctx context.Context, t *TeleInstance, clusterName string, count int) error
- func WaitForProxyCount(t *TeleInstance, clusterName string, count int) error
- func WaitForTunnelConnections(t *testing.T, authServer *auth.Server, clusterName string, expectedCount int)
- type ClientConfig
- type CommandOptions
- type DisabledIMDSClient
- func (d *DisabledIMDSClient) GetHostname(ctx context.Context) (string, error)
- func (d *DisabledIMDSClient) GetID(ctx context.Context) (string, error)
- func (d *DisabledIMDSClient) GetTags(ctx context.Context) (map[string]string, error)
- func (d *DisabledIMDSClient) GetType() types.InstanceMetadataType
- func (d *DisabledIMDSClient) IsAvailable(ctx context.Context) bool
- type DiscardServer
- type Fixture
- type InstanceConfig
- type InstanceListenerSetupFunc
- type InstanceListeners
- func SeparateMongoAndPostgresPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
- func SeparateMongoPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
- func SeparatePostgresPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
- func SingleProxyPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
- func StandardListenerSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
- func WebReverseTunnelMuxPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
- type InstanceSecrets
- func (s *InstanceSecrets) AllowedLogins() []string
- func (s *InstanceSecrets) AsSlice() []*InstanceSecrets
- func (s *InstanceSecrets) GetCAs() ([]types.CertAuthority, error)
- func (s *InstanceSecrets) GetIdentity() *auth.Identity
- func (s *InstanceSecrets) GetRoles(t *testing.T) []types.Role
- func (s *InstanceSecrets) String() string
- type ProxyAuthorizer
- type ProxyConfig
- type ProxyHandler
- type TeleInstance
- func (i *TeleInstance) AddClientCredentials(tc *client.TeleportClient, cfg ClientConfig) (*client.TeleportClient, error)
- func (i *TeleInstance) AddUser(username string, mappings []string) *User
- func (i *TeleInstance) AddUserWithRole(username string, roles ...types.Role) *User
- func (i *TeleInstance) AsTrustedCluster(token string, roleMap types.RoleMap) types.TrustedCluster
- func (i *TeleInstance) Create(t *testing.T, trustedSecrets []*InstanceSecrets, enableSSH bool, ...) error
- func (i *TeleInstance) CreateEx(t *testing.T, trustedSecrets []*InstanceSecrets, tconf *service.Config) error
- func (i *TeleInstance) GenerateConfig(t *testing.T, trustedSecrets []*InstanceSecrets, tconf *service.Config) (*service.Config, error)
- func (i *TeleInstance) GetSiteAPI(siteName string) auth.ClientI
- func (i *TeleInstance) NewClient(cfg ClientConfig) (*client.TeleportClient, error)
- func (i *TeleInstance) NewClientWithCreds(cfg ClientConfig, creds UserCreds) (tc *client.TeleportClient, err error)
- func (i *TeleInstance) NewUnauthenticatedClient(cfg ClientConfig) (tc *client.TeleportClient, err error)
- func (i *TeleInstance) Reset() (err error)
- func (i *TeleInstance) Start() error
- func (i *TeleInstance) StartApp(conf *service.Config) (*service.TeleportProcess, error)
- func (i *TeleInstance) StartApps(configs []*service.Config) ([]*service.TeleportProcess, error)
- func (i *TeleInstance) StartDatabase(conf *service.Config) (*service.TeleportProcess, *auth.Client, error)
- func (i *TeleInstance) StartKube(t *testing.T, conf *service.Config, clusterName string) (*service.TeleportProcess, error)
- func (i *TeleInstance) StartNode(tconf *service.Config) (*service.TeleportProcess, error)
- func (i *TeleInstance) StartNodeAndProxy(t *testing.T, name string) (sshPort, webProxyPort, sshProxyPort int)
- func (i *TeleInstance) StartNodeWithTargetPort(tconf *service.Config, authPort string) (*service.TeleportProcess, error)
- func (i *TeleInstance) StartProxy(cfg ProxyConfig) (reversetunnel.Server, *service.TeleportProcess, error)
- func (i *TeleInstance) StartReverseTunnelNode(tconf *service.Config) (*service.TeleportProcess, error)
- func (i *TeleInstance) StopAll() error
- func (i *TeleInstance) StopAuth(removeData bool) error
- func (i *TeleInstance) StopNodes() error
- func (i *TeleInstance) StopProxy() error
- type User
- type UserCreds
- type UserCredsRequest
- type WebClientPack
Constants ¶
// HostID is an all-zero UUID string; Site is presumably the default site
// (cluster) name used by these test helpers — confirm against the callers.
const (
	HostID = "00000000-0000-0000-0000-000000000000"
	Site   = "local-site"
)

// Loopback and Host identify the local machine by IPv4 loopback address and
// by hostname respectively.
const (
	Loopback = "127.0.0.1"
	Host     = "localhost"
)
Variables ¶
This section is empty.
Functions ¶
func CloseAgent ¶
func CloseAgent(teleAgent *teleagent.AgentServer, socketDirPath string) error
func CreateAgent ¶
CreateAgent creates an SSH agent, loaded with the passed-in private key and certificate, that can be used in tests. This is useful so tests don't clobber your system agent.
func EnableDesktopService ¶
func ExternalSSHCommand ¶
func ExternalSSHCommand(o CommandOptions) (*exec.Cmd, error)
ExternalSSHCommand runs an external SSH command (if an external ssh binary exists) with the passed in parameters.
func GetKubeClusters ¶
GetKubeClusters gets all kubernetes clusters accessible from a given auth server.
func GetLocalIP ¶
GetLocalIP gets the non-loopback IP address of this host.
func MakeProxyAddr ¶
func MakeTestDatabaseServer ¶
func MakeTestDatabaseServer(t *testing.T, proxyAddr utils.NetAddr, token string, dbs ...service.Database) (db *service.TeleportProcess)
MakeTestDatabaseServer creates a Database Service. It receives the Proxy Address, a Token (to join the cluster) and a list of Databases.
func MakeTestServers ¶
func MakeTestServers(t *testing.T) (auth *service.TeleportProcess, proxy *service.TeleportProcess, provisionToken string)
MakeTestServers starts an Auth and a Proxy Service. Besides those processes, it also returns a provision token which can be used to add other services.
func NewListener ¶
func NewListener(t *testing.T, ty service.ListenerType, fds *[]service.FileDescriptor) string
NewListener creates a new TCP listener on 127.0.0.1:0, adds it to the FileDescriptor slice (with the specified type) and returns its actual local address as a string (for use in configuration). The idea is to subvert Teleport's file-descriptor injection mechanism (used to share ports between parent and child processes) to inject preconfigured listeners to Teleport instances under test. The ports are allocated and bound at runtime, so there should be no issues with port clashes on parallel tests.
The resulting file descriptor is added to the `fds` slice, which can then be given to a teleport instance on startup in order to supply the listener.
func NewListenerOn ¶
func NewListenerOn(t *testing.T, hostAddr string, ty service.ListenerType, fds *[]service.FileDescriptor) string
NewListenerOn creates a new TCP listener on `hostAddr`:0, adds it to the FileDescriptor slice (with the specified type) and returns its actual local address as a string (for use in configuration). The idea is to subvert Teleport's file-descriptor injection mechanism (used to share ports between parent and child processes) to inject preconfigured listeners to Teleport instances under test. The ports are allocated and bound at runtime, so there should be no issues with port clashes on parallel tests.
The resulting file descriptor is added to the `fds` slice, which can then be given to a teleport instance on startup in order to supply the listener.
func Port ¶
Port extracts the port number from the supplied string, which is assumed to be a host:port pair. The port value is returned as an integer. Any errors result in an immediately failed test.
func PortStr ¶
PortStr extracts the port number from the supplied string, which is assumed to be a host:port pair. The port is returned as a string. Any errors result in an immediately failed test.
func SetTestTimeouts ¶
SetTestTimeouts affects global timeouts inside Teleport, making connections work faster but consuming more CPU (useful for integration testing). NOTE: This function modifies global values for timeouts, etc. If your tests call this function, they MUST NOT BE RUN IN PARALLEL, as they may stomp on other tests.
func SetupUserCreds ¶
func SetupUserCreds(tc *client.TeleportClient, proxyHost string, creds UserCreds) error
SetupUserCreds sets up user credentials for client
func SingleProxyPortSetupOn ¶
func SingleProxyPortSetupOn(addr string) func(*testing.T, *[]service.FileDescriptor) *InstanceListeners
SingleProxyPortSetupOn creates a constructor function that will in turn generate an InstanceConfig that allows proxying of multiple protocols over a single port when invoked.
func StandardListenerSetupOn ¶
func StandardListenerSetupOn(addr string) func(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
StandardListenerSetupOn returns an InstanceListenerSetupFunc that will create a new InstanceListeners configured with each service listening on its own port, all bound to the supplied address.
func StartAndWait ¶
func TestMainImplementation ¶
TestMainImplementation will re-execute Teleport to run a command if "exec" is passed to it as an argument. Otherwise, it will run tests as normal.
func TryCreateTrustedCluster ¶
func TryCreateTrustedCluster(t *testing.T, authServer *auth.Server, trustedCluster types.TrustedCluster)
TryCreateTrustedCluster makes several attempts to create a trusted cluster. It retries on connection problems and access-denied errors, to give caches time to propagate and services time to start.
Duplicated in tool/tsh/tsh_test.go
func WaitForActiveTunnelConnections ¶
func WaitForActiveTunnelConnections(t *testing.T, tunnel reversetunnel.Server, clusterName string, expectedCount int)
WaitForActiveTunnelConnections waits for remote cluster to report a minimum number of active connections
func WaitForClusters ¶
func WaitForClusters(tun reversetunnel.Server, expected int) func() bool
func WaitForDatabaseServers ¶
func WaitForNodeCount ¶
WaitForNodeCount waits for a certain number of nodes to show up in the remote site.
func WaitForProxyCount ¶
func WaitForProxyCount(t *TeleInstance, clusterName string, count int) error
WaitForProxyCount waits a set time for the proxy count in clusterName to reach some value.
Types ¶
type ClientConfig ¶
// ClientConfig is a client configuration.
type ClientConfig struct {
	// Login is SSH login name
	Login string
	// Cluster is a cluster name to connect to
	Cluster string
	// Host string is a target host to connect to
	Host string
	// Port is a target port to connect to
	Port int
	// Proxy is an optional alternative proxy to use
	Proxy *ProxyConfig
	// ForwardAgent controls if the client requests its agent be forwarded to
	// the server.
	ForwardAgent bool
	// JumpHost turns on jump host mode
	JumpHost bool
	// Labels represents host labels
	Labels map[string]string
	// Interactive launches with the terminal attached if true
	Interactive bool
	// SourceIP is the source IP to use in the generated SSH cert
	SourceIP string
	// EnableEscapeSequences will scan Stdin for SSH escape sequences during command/shell execution.
	EnableEscapeSequences bool
}
ClientConfig is a client configuration
type CommandOptions ¶
// CommandOptions controls how the SSH command is built.
//
// NOTE(review): the individual fields are undocumented on this page; the
// names suggest they map onto options of the external ssh binary invoked by
// ExternalSSHCommand — confirm against that function before relying on them.
type CommandOptions struct {
	ForwardAgent bool
	ForcePTY     bool
	ControlPath  string
	SocketPath   string
	ProxyPort    string
	NodePort     string
	// NOTE(review): presumably the command handed to the external ssh
	// process; verify how it is quoted/passed if it can hold untrusted text.
	Command string
}
CommandOptions controls how the SSH command is built.
type DisabledIMDSClient ¶
type DisabledIMDSClient struct{}
DisabledIMDSClient is an EC2 instance metadata client that is always disabled. This is faster than the default client when not testing instance metadata behavior.
func (*DisabledIMDSClient) GetHostname ¶
func (d *DisabledIMDSClient) GetHostname(ctx context.Context) (string, error)
func (*DisabledIMDSClient) GetID ¶
func (d *DisabledIMDSClient) GetID(ctx context.Context) (string, error)
func (*DisabledIMDSClient) GetType ¶
func (d *DisabledIMDSClient) GetType() types.InstanceMetadataType
func (*DisabledIMDSClient) IsAvailable ¶
func (d *DisabledIMDSClient) IsAvailable(ctx context.Context) bool
type DiscardServer ¶
type DiscardServer struct {
// contains filtered or unexported fields
}
DiscardServer is a SSH server that discards SSH exec requests and starts with the passed in host signer.
func NewDiscardServer ¶
func (*DiscardServer) HandleNewChan ¶
func (s *DiscardServer) HandleNewChan(_ context.Context, ccx *sshutils.ConnectionContext, newChannel ssh.NewChannel)
func (*DiscardServer) Start ¶
func (s *DiscardServer) Start() error
func (*DiscardServer) Stop ¶
func (s *DiscardServer) Stop()
type Fixture ¶
// Fixture bundles the per-test state listed below: the user stored in Me,
// a reusable key pair and a logger.
type Fixture struct {
	// Me is a *user.User; presumably the OS user running the tests — confirm
	// against NewFixture.
	Me *user.User

	// Priv/pub pair to avoid re-generating it
	Priv []byte
	Pub  []byte

	// Log defines the test-specific logger
	Log utils.Logger
}
func NewFixture ¶
func (*Fixture) DefaultInstanceConfig ¶
func (s *Fixture) DefaultInstanceConfig(t *testing.T) InstanceConfig
func (*Fixture) NewTeleportInstance ¶
func (s *Fixture) NewTeleportInstance(t *testing.T) *TeleInstance
func (*Fixture) NewTeleportWithConfig ¶
func (s *Fixture) NewTeleportWithConfig(t *testing.T, logins []string, instanceSecrets []*InstanceSecrets, teleportConfig *service.Config) *TeleInstance
NewTeleportWithConfig is a helper function that will create a running Teleport instance with the passed in user, instance secrets, and Teleport configuration.
type InstanceConfig ¶
// InstanceConfig is an instance configuration.
type InstanceConfig struct {
	// Clock is an optional clock to use
	Clock clockwork.Clock
	// ClusterName is a cluster name of the instance
	ClusterName string
	// HostID is a host id of the instance
	HostID string
	// NodeName is a node name of the instance
	NodeName string
	// Priv is SSH private key of the instance
	Priv []byte
	// Pub is SSH public key of the instance
	Pub []byte
	// Log specifies the logger
	Log utils.Logger
	// Listeners is the listener configuration of the instance.
	Listeners *InstanceListeners

	// Fds presumably holds the file descriptors backing Listeners, to be
	// injected into the instance on startup — confirm against NewInstance.
	Fds []service.FileDescriptor
}
InstanceConfig is an instance configuration
type InstanceListenerSetupFunc ¶
type InstanceListenerSetupFunc func(*testing.T, *[]service.FileDescriptor) *InstanceListeners
InstanceListenerSetupFunc defines a function type used for specifying the listener setup for a given test. InstanceListenerSetupFuncs are useful when you need to have some distance between the test configuration and actually executing the listener setup.
type InstanceListeners ¶
// InstanceListeners represents the listener configuration for a test cluster.
// Each address field is expected to be a full host:port pair.
type InstanceListeners struct {
	Web           string
	SSH           string
	SSHProxy      string
	Auth          string
	ReverseTunnel string
	MySQL         string
	Postgres      string
	Mongo         string

	// NOTE(review): presumably set when several protocols share one proxy
	// port (see SingleProxyPortSetup) — confirm against the setup functions.
	IsSinglePortSetup bool
}
InstanceListeners represents the listener configuration for a test cluster. Each address field is expected to be a full host:port pair.
func SeparateMongoAndPostgresPortSetup ¶
func SeparateMongoAndPostgresPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
SeparateMongoAndPostgresPortSetup generates a listener config with a defined port for Postgres and Mongo.
func SeparateMongoPortSetup ¶
func SeparateMongoPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
SeparateMongoPortSetup generates a listener config with a defined port for MongoDB.
func SeparatePostgresPortSetup ¶
func SeparatePostgresPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
SeparatePostgresPortSetup generates a listener config with a defined port for Postgres.
func SingleProxyPortSetup ¶
func SingleProxyPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
SingleProxyPortSetup generates an InstanceConfig that allows proxying of multiple protocols over a single port.
func StandardListenerSetup ¶
func StandardListenerSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
StandardListenerSetup creates an InstanceListeners configured with each service listening on its own port, all bound to the loopback address.
func WebReverseTunnelMuxPortSetup ¶
func WebReverseTunnelMuxPortSetup(t *testing.T, fds *[]service.FileDescriptor) *InstanceListeners
WebReverseTunnelMuxPortSetup generates a listener config using the same port for web and tunnel, and independent ports for all other services.
type InstanceSecrets ¶
// InstanceSecrets holds the key material, certificates and trusted users of
// a test instance.
//
// NOTE(review): PrivKey carries a json tag, so any JSON encoding of this
// struct includes the private key; treat serialized InstanceSecrets as
// secret material. What String() prints is not visible here — confirm it
// does not include PrivKey before logging values of this type.
type InstanceSecrets struct {
	// instance name (aka "site name")
	SiteName string `json:"site_name"`
	// instance keys+cert (reused for hostCA and userCA)
	// PubKey is instance public key
	PubKey []byte `json:"pub"`
	// PrivKey is instance private key
	PrivKey []byte `json:"priv"`
	// Cert is SSH host certificate
	Cert []byte `json:"cert"`
	// TLSCACert is the certificate of the trusted certificate authority
	TLSCACert []byte `json:"tls_ca_cert"`
	// TLSCert is client TLS X509 certificate
	TLSCert []byte `json:"tls_cert"`
	// TunnelAddr is a reverse tunnel listening port, allowing
	// other sites to connect to this instance. Set to empty
	// string if this instance is not allowing incoming tunnels
	TunnelAddr string `json:"tunnel_addr"`
	// list of users this instance trusts (key in the map is username)
	Users map[string]*User `json:"users"`
}
func (*InstanceSecrets) AllowedLogins ¶
func (s *InstanceSecrets) AllowedLogins() []string
func (*InstanceSecrets) AsSlice ¶
func (s *InstanceSecrets) AsSlice() []*InstanceSecrets
func (*InstanceSecrets) GetCAs ¶
func (s *InstanceSecrets) GetCAs() ([]types.CertAuthority, error)
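GetCAs returns an array of CAs stored by the secrets object. In this case we always return a hard-coded userCA + hostCA (and they share keys for simplicity). Sharing one key pair between the user CA and the host CA is a test-fixture shortcut: it removes the separation between the two authorities, so this layout should stay confined to test clusters.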
func (*InstanceSecrets) GetIdentity ¶
func (s *InstanceSecrets) GetIdentity() *auth.Identity
func (*InstanceSecrets) GetRoles ¶
func (s *InstanceSecrets) GetRoles(t *testing.T) []types.Role
GetRoles returns a list of roles to initiate for this secret
func (*InstanceSecrets) String ¶
func (s *InstanceSecrets) String() string
type ProxyAuthorizer ¶
type ProxyAuthorizer struct {
// contains filtered or unexported fields
}
func NewProxyAuthorizer ¶
func NewProxyAuthorizer(handler http.Handler, user, pass string) *ProxyAuthorizer
func (*ProxyAuthorizer) ServeHTTP ¶
func (p *ProxyAuthorizer) ServeHTTP(w http.ResponseWriter, r *http.Request)
func (*ProxyAuthorizer) SetCredentials ¶
func (p *ProxyAuthorizer) SetCredentials(user, pass string)
func (*ProxyAuthorizer) WaitForRequest ¶
func (p *ProxyAuthorizer) WaitForRequest(timeout time.Duration) error
WaitForRequest waits (with a configured timeout) for a new request to be handled and returns the handler's error. This function makes no guarantees about which request error will be returned, except that the request error will have occurred after this function was called.
type ProxyConfig ¶
// ProxyConfig is a set of configuration parameters for Proxy.
type ProxyConfig struct {
	// Name is a proxy name
	Name string
	// SSHAddr the address the node ssh service should listen on
	SSHAddr string
	// WebAddr the address the web service should listen on
	WebAddr string
	// ReverseTunnelAddr the address the reverse proxy service should listen on
	ReverseTunnelAddr string
	// Disable the web service
	DisableWebService bool
	// Disable the web ui
	DisableWebInterface bool
	// Disable ALPN routing
	DisableALPNSNIListener bool
	// FileDescriptors holds FDs to be injected into the Teleport process
	FileDescriptors []service.FileDescriptor
}
ProxyConfig is a set of configuration parameters for Proxy. TODO(tcsc): Add file descriptor slice to inject FDs into proxy process
type ProxyHandler ¶
func (*ProxyHandler) Count ¶
func (p *ProxyHandler) Count() int
Count returns the number of requests that have been proxied.
func (*ProxyHandler) ServeHTTP ¶
func (p *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP only accepts the CONNECT verb and will tunnel your connection to the specified host. Also tracks the number of connections that it proxies for debugging purposes.
type TeleInstance ¶
// TeleInstance represents an in-memory instance of a teleport process for
// testing.
type TeleInstance struct {
	// Secrets holds the keys (pub, priv and derived cert) of this instance
	Secrets InstanceSecrets

	// Hostname is the name of the host where instance is running
	Hostname string

	// Internal stuff...
	Process              *service.TeleportProcess
	Config               *service.Config
	Tunnel               reversetunnel.Server
	RemoteClusterWatcher *reversetunnel.RemoteClusterTunnelManager

	// Nodes is a list of additional nodes
	// started with this instance
	Nodes []*service.TeleportProcess

	// UploadEventsC is a channel for upload events
	UploadEventsC chan events.UploadEvent

	// Log specifies the instance logger
	Log utils.Logger

	// InstanceListeners is embedded, so its address fields (Web, SSH, Auth,
	// ...) are promoted onto TeleInstance.
	InstanceListeners
	Fds []service.FileDescriptor
	// contains filtered or unexported fields
}
TeleInstance represents an in-memory instance of a teleport process for testing
func NewInstance ¶
func NewInstance(t *testing.T, cfg InstanceConfig) *TeleInstance
NewInstance creates a new Teleport process instance.
The caller is responsible for calling StopAll on the returned instance to clean up spawned processes.
func (*TeleInstance) AddClientCredentials ¶
func (i *TeleInstance) AddClientCredentials(tc *client.TeleportClient, cfg ClientConfig) (*client.TeleportClient, error)
AddClientCredentials adds authenticated credentials to a client. (server CAs and signed session key).
func (*TeleInstance) AddUser ¶
func (i *TeleInstance) AddUser(username string, mappings []string) *User
AddUser adds a new user into this Teleport instance. 'mappings' is a comma-separated list of OS users
func (*TeleInstance) AddUserWithRole ¶
func (i *TeleInstance) AddUserWithRole(username string, roles ...types.Role) *User
AddUserWithRole adds a user with one or more assigned roles.
func (*TeleInstance) AsTrustedCluster ¶
func (i *TeleInstance) AsTrustedCluster(token string, roleMap types.RoleMap) types.TrustedCluster
func (*TeleInstance) Create ¶
func (i *TeleInstance) Create(t *testing.T, trustedSecrets []*InstanceSecrets, enableSSH bool, console io.Writer) error
Create creates a new instance of Teleport which trusts a list of other clusters (other instances)
func (*TeleInstance) CreateEx ¶
func (i *TeleInstance) CreateEx(t *testing.T, trustedSecrets []*InstanceSecrets, tconf *service.Config) error
CreateEx creates a new instance of Teleport which trusts a list of other clusters (other instances)
Unlike Create() it allows for greater customization because it accepts a full Teleport config structure
func (*TeleInstance) GenerateConfig ¶
func (i *TeleInstance) GenerateConfig(t *testing.T, trustedSecrets []*InstanceSecrets, tconf *service.Config) (*service.Config, error)
GenerateConfig generates instance config
func (*TeleInstance) GetSiteAPI ¶
func (i *TeleInstance) GetSiteAPI(siteName string) auth.ClientI
GetSiteAPI is a helper which returns an API endpoint to a site with a given name. This endpoint implements HTTP-over-SSH access to the site's auth server.
func (*TeleInstance) NewClient ¶
func (i *TeleInstance) NewClient(cfg ClientConfig) (*client.TeleportClient, error)
NewClient returns a fully configured and pre-authenticated client (pre-authenticated with server CAs and signed session key).
func (*TeleInstance) NewClientWithCreds ¶
func (i *TeleInstance) NewClientWithCreds(cfg ClientConfig, creds UserCreds) (tc *client.TeleportClient, err error)
NewClientWithCreds creates client with credentials
func (*TeleInstance) NewUnauthenticatedClient ¶
func (i *TeleInstance) NewUnauthenticatedClient(cfg ClientConfig) (tc *client.TeleportClient, err error)
NewUnauthenticatedClient returns a fully configured and un-authenticated client
func (*TeleInstance) Reset ¶
func (i *TeleInstance) Reset() (err error)
Reset re-creates the teleport instance based on the same configuration. This is needed if you want to stop the instance, reset it and start again.
func (*TeleInstance) Start ¶
func (i *TeleInstance) Start() error
Start will start the TeleInstance and then block until it is ready to process requests based off the passed in configuration.
func (*TeleInstance) StartApp ¶
func (i *TeleInstance) StartApp(conf *service.Config) (*service.TeleportProcess, error)
func (*TeleInstance) StartApps ¶
func (i *TeleInstance) StartApps(configs []*service.Config) ([]*service.TeleportProcess, error)
func (*TeleInstance) StartDatabase ¶
func (i *TeleInstance) StartDatabase(conf *service.Config) (*service.TeleportProcess, *auth.Client, error)
StartDatabase starts the database access service with the provided config.
func (*TeleInstance) StartKube ¶
func (i *TeleInstance) StartKube(t *testing.T, conf *service.Config, clusterName string) (*service.TeleportProcess, error)
func (*TeleInstance) StartNode ¶
func (i *TeleInstance) StartNode(tconf *service.Config) (*service.TeleportProcess, error)
StartNode starts a SSH node and connects it to the cluster.
func (*TeleInstance) StartNodeAndProxy ¶
func (i *TeleInstance) StartNodeAndProxy(t *testing.T, name string) (sshPort, webProxyPort, sshProxyPort int)
StartNodeAndProxy starts a SSH node and a Proxy Server and connects it to the cluster.
func (*TeleInstance) StartNodeWithTargetPort ¶
func (i *TeleInstance) StartNodeWithTargetPort(tconf *service.Config, authPort string) (*service.TeleportProcess, error)
StartNodeWithTargetPort starts a node and connects it to the cluster via a specified port.
func (*TeleInstance) StartProxy ¶
func (i *TeleInstance) StartProxy(cfg ProxyConfig) (reversetunnel.Server, *service.TeleportProcess, error)
StartProxy starts another Proxy Server and connects it to the cluster.
func (*TeleInstance) StartReverseTunnelNode ¶
func (i *TeleInstance) StartReverseTunnelNode(tconf *service.Config) (*service.TeleportProcess, error)
StartReverseTunnelNode starts a SSH node and connects it to the cluster via reverse tunnel.
func (*TeleInstance) StopAll ¶
func (i *TeleInstance) StopAll() error
StopAll stops all spawned processes (auth server, nodes, proxies). StopAll should always be called at the end of TeleInstance's usage.
func (*TeleInstance) StopAuth ¶
func (i *TeleInstance) StopAuth(removeData bool) error
StopAuth stops the auth server process. If removeData is true, the data directory is also cleaned up.
func (*TeleInstance) StopNodes ¶
func (i *TeleInstance) StopNodes() error
StopNodes stops additional nodes
func (*TeleInstance) StopProxy ¶
func (i *TeleInstance) StopProxy() error
StopProxy loops over the extra nodes in a TeleInstance and stops all nodes where the proxy server is enabled.
type UserCreds ¶
// UserCreds holds user client credentials.
type UserCreds struct {
	// Key is user client key and certificate
	Key client.Key
	// HostCA is a trusted host certificate authority
	HostCA types.CertAuthority
}
UserCreds holds user client credentials
func GenerateUserCreds ¶
func GenerateUserCreds(req UserCredsRequest) (*UserCreds, error)
GenerateUserCreds generates key to be used by client
type UserCredsRequest ¶
// UserCredsRequest is a request to generate user creds.
type UserCredsRequest struct {
	// Process is a teleport process
	Process *service.TeleportProcess
	// Username is a user to generate certs for
	Username string
	// RouteToCluster is an optional cluster to route creds to
	RouteToCluster string
	// SourceIP is an optional source IP to use in SSH certs
	SourceIP string
	// TTL is an optional TTL for the certs. Defaults to one hour.
	TTL time.Duration
}
UserCredsRequest is a request to generate user creds
type WebClientPack ¶
type WebClientPack struct {
// contains filtered or unexported fields
}
WebClientPack is an authenticated HTTP Client for Teleport.
func LoginWebClient ¶
func LoginWebClient(t *testing.T, host, username, password string) *WebClientPack
LoginWebClient receives the host url, the username and a password. It will login into that host and return a WebClientPack.